Only Biomimicry Will Save Cybersecurity

The massive Distributed Denial of Service (DDoS) cyberattack which took down a raft of websites (Twitter, Reddit, Spotify, CNN, The New York Times, Etsy) last Friday comes as a stark reminder of the most elementary axiom of internet security: if it’s silicon, it’s vulnerable.

In 2012, legendary hacker Barnaby Jack helped one of us deliver a keynote demonstrating how an insulin pump patient could be killed from almost 300 feet away. One year later, in 2013, he took that research and extended it claiming he could “Pwn” a pacemaker using the same freely available tools. He was about to demonstrate his technique at the Black Hat security conference in Las Vegas when he tragically died. Here is the word-for-word abstract of the talk Barnaby Jack never delivered:

In 2006 approximately 350,000 pacemakers and 173,000 ICDs (Implantable Cardioverter Defibrillators) were implanted in the US alone. 2006 was an important year, as that’s when the FDA began approving fully wireless based devices. Today there are well over 3 million pacemakers and over 1.7 million ICD’s in use. This talk will focus on the security of wireless implantable medical devices. I will discuss how these devices operate and communicate and the security shortcomings of the current protocols. Our internal research software will be revealed that utilizes a common bedside transmitter to scan for, and interrogate individual medical implants. I will also discuss ideas manufacturers can implement to improve the security of these devices.
What many people learned last week with the DDoS attacks, we have known for decades: systems connected expose themselves to massive breach-ability.

Cognitive systems (humans, nation-states, corporations, the Internet) are anti-fragile—what does not kill them makes them stronger. The organization currently “learning to take down the Internet,” as security expert Bruce Schneier put it, is adjusting small hard-hitting yet non-decisive punches to its infrastructure the way a boxer probes his opponent’s defenses at the beginning of a fight. These hackers are building up those defenses in a non-linear fashion. Precisely because these DDoS attacks are well-targeted and well-executed, they will probably turn out to be a blessing for the entire web by reinforcing its anti-fragility. Truth is, the Web has been in dire need of such a sparring partner.

Which is also why last week’s attack underscores the need for an immune system of the web. Tomorrow’s security software will evolve as a predator-prey dynamic system, with each software population acquiring new characteristics until the entire system stabilizes its software diversity the same way an ecosystem stabilizes its biodiversity.

“Natural” intelligence is for the time being still surpassing the one we like to call artificial; in nature, the ultimate measure of intelligence is, well… survival. Deep learning mimics nature: looking at the Internet as an organism, we can attempt to copy the way organisms ensure their internal security. Our body is protected by an entangled web of both network and endpoint security solutions: there is a dedicated immune system for our brain while white blood cells patrol our entire bloodstream (the network) simultaneously.

Some parts of our immune system can be protected by a vaccine, others can’t, but they are all anti-fragile. As some work to engineer Internet Transmitted Diseases, we need to increase our prophylactic, diagnostic and curative proficiency accordingly. This is where artificial intelligence, as a constantly evolving service generator, will become our main ally.

Artificial evolution, as one critical tool of deep learning, is in fact mimicking nature, though at a much faster rate. Today it is possible to “breed” and evolve software in the same way humans evolved and bred cats and dogs over the course of centuries, for company or for security. The mine detection dogs of tomorrow’s Internet will be evolved in silicon, at a rate of a trillion generations per second and inspired by a single question: if the World Wide Web is critical to our Noosphere (the sphere of all human thoughts as defined by French paleontologist Pierre Teilhard de Chardin), how would nature reinforce it to resist tomorrow’s Silicon-based influenza, thereby turning every attack into an opportunity? In nature, there is no good or bad; some of our genes come straight from our ancestors’ viruses and parasites, indeed it is likely that the very organelles that allow our cells to breathe (mitochondria) are actually domesticated sycophants. Intelligence, which comes from the Latin inter-ligere (making connections) is coextensive with life. The more our interconnected world resembles living things, the more versatile and useful our security software will be.